C Exploits
3,632 exploits tracked across all sources.
GazTek ghttpd 1.4 - Remote Code Execution via Long Arguments
Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
by flea
PowerFTP 2.24 - Buffer Overflow via Long USER Argument
Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.
by Morgan
MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration (2)
by st0ic
atphttpd < 0.4b - Remote Code Execution via Long HTTP GET Request
Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
by thread
CVSS 9.8
gv 3.5.8 - Buffer Overflow via Malformed PDF or PostScript File
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
by infamous42md
gv 3.5.8 - Buffer Overflow via Malformed PDF or PostScript File
Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.
by zen-parse
Borland InterBase - Privilege Escalation
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on an "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
by grazer
Apache HTTP Server 2.0.39-2.0.40 - Denial of Service via mod_cgi stderr Deadlock
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
by K.C. Wong
CVSS 7.5
Null HTTP Server <0.5.0 - Buffer Overflow
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
by eSDee
Trillian 0.73-0.74 - Denial of Service via Malicious IRC Server Messages
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.
by Lance Fitz-Herbert
Trillian 0.73-0.74 - Denial of Service via Malformed IRC PART Message
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
by Lance Fitz-Herbert
Trillian 0.73-0.74 - Buffer Overflow via Malicious IRC Server Responses
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
by Lance Fitz-Herbert
Trillian 0.73-0.74 - Buffer Overflow via Malicious IRC Server Responses
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
by Lance Fitz-Herbert
Trillian 0.73-0.74 - Buffer Overflow via Malicious IRC Server Responses
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
by Lance Fitz-Herbert
alsaplayer 0.99.71 - Local Buffer Overflow via Long Command Line Argument
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.
by zillion
Trillian 0.73-0.74 - Buffer Overflow via Malicious IRC Server Responses
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
by Lance Fitz-Herbert
Trillian 0.73-0.74 - Buffer Overflow via Malicious IRC Server Responses
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
by Lance Fitz-Herbert
Cisco VPN 5000 Client <5.2.7/5.2.8 - Privilege Escalation
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
by zillion
Cisco VPN 5000 Client <5.2.7/5.2.8 - Privilege Escalation
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
by BrainStorm
IBM AIX - Denial of Service via SYN Flood
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
by Nebunu
Cerulean Studios Trillian <0.73 - Info Disclosure
Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts.
by Coeus Group
netris 0.5 - Denial of Service via Long String to Port 9284
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
by V9
AFD <= 1.2.14 - Local Privilege Escalation via Long MON_WORK_DIR Environment Variable
Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.
by eSDee
Cisco VPN 3000 Concentrator 2.2.x 3.6(Rel) and 3.x < 3.5.5 - Denial of Service via Long Username
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name.
by Phenoelit